Proxmox+Opnsense(+truenas?)

[Marinoz]

So i run opnsense at proxmox and at the proxmox installation it asks me for a gateway. But my gateway is opnsense that runs in proxmox . Also my mini pc (server) has four ethernet ports and one of them is for accessing proxmox and the two others are lan and wan of opnsense . Does it matter if the proxmox gateway ip matches the lan ip of opnsense as they are at different ports or does it matter because they are on the same switch? Also second question. Can i use a port like opnsense lan for another vm to advertise it through the same port? Like truenas?

[heaven73]

Hello,
on proxmox i am used to openvswitch because i prefer the vlan handling of openvswitch, but should be the same also with linux bridges. There is several approches to handle opnsense virtualized on proxmox:

Environment 1:
lets suppose you have the vmbr0 bridge where you have the management ip for proxmox. on openvswitch i dont put the ip on the vmbr but on a port without tag. so i have that bridge a Trunk. or anyway make it vlanaware. hope this is clear what its meant.
you probably have a vmbr1 where you have another nic linked which acts a WAN.
in this context you will create a vm for opnsense with 2 nics - put first vmbr0 and second vmbr1 . the installation will automatically assign vmbr0 as lan and vmbr1 as  wan. the vmbr1 will be connected to the internet. on vmbr0 when installed the opensense will be in your lan. put on the console a proper ip address and you can configure even vlans. works like a charm.
to make the proxmox "routable" you can then add the ip address of the opnsense to the management bridge/port of proxmox. so this makes it reachable from other subnets/vpn etc
the other vms will have vmbr0 as lan eventually with the proper tag for the corresponding vlan on the opnsense. put the opnsense ip as gateway.
if you will have a vm for truenas dont forget a controller with pci passthrough for ZFS mandatory. or if its phisical will be on same net with vmbr1 with an ip of same class like the lan port of opnsense the mangement of proxmox etc.

2nd environment like in a colocation with just a public ip assigned:
in that context you are forced based on the number of ip to act different:
- if you are lucky to have multiple ips just put the mgmt which will be the public ip with the proxmox firewall filtered and the opennse will have that bridge of management as WAN port . the lan will be SDN or a phsical port with other colocated stuff.
- if you have a single public ip you must work with some linux nat by configuring the proxmox router, there is several tutorials on youtube and forums how to handle that.

hope this tips helps

[Marinoz]

i didnt understand a thing my man. anyway topic closed cause running firewall on vms and not bare metal is dangerous

[Heliox]

I have been running it in proxmox for 1.5 years. Works beautifully, just have a vm management port if something should break.